Comments (8)
I'm interested in having a library that works with the 01 MAC tokens. The current code for 00 tokens doesn't really work:
- there is no standard way to pass the MAC key, etc.
- it uses non-existent functions (`utils.generate_nonce`, `utils.generate_timestamp`)
- the `nonce` parameter is constructed incorrectly, it should be `age:nonce`, but the code currently does `nonce:age`
- there is no way to specify the token issue time, so the code can't really generate the `age` component of the `nonce` parameter

Do you think it's useful to keep the 00 code and perhaps try to fix it? If I want to add 01 support, should I keep both?
from oauthlib.
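An added illustration of the points listed in the comment above (not oauthlib code and not written by anyone in the thread): the MAC key and the token issue time are explicit arguments, and the `nonce` parameter is built as `age:nonce`. The function names, the sample values and the newline-separated string that gets signed are assumptions made for this example, not the draft's exact normalization.

```python
import base64
import hashlib
import hmac
import secrets
import time


def build_nonce(issue_time, now=None, random_part=None):
    """Build the nonce parameter as 'age:random', age first."""
    now = time.time() if now is None else now
    age = int(now - issue_time)  # seconds since the token was issued
    if age < 0:
        raise ValueError("token issue time is in the future")
    return f"{age}:{random_part or secrets.token_urlsafe(8)}"


def parse_age(nonce):
    """Verifier side: read the age; a swapped 'random:age' value is rejected
    here whenever the random part is not purely numeric."""
    age, sep, random_part = nonce.partition(":")
    if not sep or not random_part or not age.isdigit():
        raise ValueError("nonce must be 'age:random' with a numeric age")
    return int(age)


def mac_header(token_id, mac_key, issue_time, method, uri, host, port,
               now=None, random_part=None):
    """Return an Authorization header value for one request."""
    nonce = build_nonce(issue_time, now, random_part)
    # Assumed signing input for this example: one field per line.
    base = "\n".join([nonce, method.upper(), uri, host.lower(), str(port)]) + "\n"
    digest = hmac.new(mac_key, base.encode("utf-8"), hashlib.sha256).digest()
    mac = base64.b64encode(digest).decode("ascii")
    return f'MAC id="{token_id}", nonce="{nonce}", mac="{mac}"'


if __name__ == "__main__":
    # Constructed sample values, not taken from any draft or service.
    print(mac_header("example-token-id", b"example-mac-key", issue_time=1000,
                     method="get", uri="/resource/1?b=1&a=2",
                     host="example.com", port=80,
                     now=265095, random_part="r4nd0mpart"))
```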
I noticed you added support for both, let's keep it that way until there is some more progress on the draft and then follow the latest draft. As far as I know, no one is currently working on the draft as they are lacking clear use cases for when to use MAC tokens. If you happen to have one I'm sure they would be very interested to hear about it =)
from oauthlib.
Seems to be some progress on MAC tokens: http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-03. Will keep an eye on it.
from oauthlib.
Annoyingly enough, there's a random webservice (smsglobal.com) that thought the MAC spec (v1, I think) was a good idea...
from oauthlib.
Now in draft 05. The current implementation is 02 (according to the comments).
Should we update it or wait until the spec matures?
from oauthlib.
Not followed the changes as of late. However a quick look at the spec and I'd say it's grown a bit in complexity since last with a few more fields in the auth header. We could probably update but maybe hold off till there at least is a full example?
On Sun, Aug 24, 2014 at 3:10 PM, Omer Katz wrote:
Now in draft 05. The current implementation is 02 (according to the comments).
Should we update it or wait until the spec matures?
from oauthlib.
Looks like this is still in draft 05. There are some examples in there, someone will need to try and implement based on those examples and see if it's complete enough.
from oauthlib.
There was no other draft.
Does this mean we should remove the implementation?
from oauthlib.